Recent blog entries by Artimage

Game Theory
I have finished the first chapter of Game Theory for Applied Economists.
So far my biggest problem is that I don't know economics terminology, but that
is a small hurdle. I am hoping to use game theory to work out the payoffs for
file leaching. Then to setup a system where one gets the best payoff for acting
honestly. I have taken a stab at a protocol to enforce this using ripped coins,
but I need to go over it at least once more before I will be actually ready to
believe in it. (Never mind show it to others.)

So far game theory has been interesting, and surprisingly, not wholly intuitive.
Probably part of that is its assumption that all players are rational, or that one
understands the payoff of another person. Both of those assumptions often turn out
to be false. The most trivial example comes from the
prisoner's dilemma, probably the
best known example of game theory. Most analysis only deals with the payoff in terms
of jail time, where as most people would think about many other factors such as
loyalty, and their future safety. (The link actually talks a bit about this, but most
treatments I have read skip this.)

Mnet
I finished my lookup code that uses a distributed hash table, Khashmir. The only problem
lies in the fact that Khashmir now uses sqlite, and it does not want to work on my
system. I tested sqlite, and it seems to be ok, but whenever I run the unit tests for
Khashmir I get an error about too many open files, or
"pysqlite_exceptions.OperationalError: database is locked". Maybe its a thread safety issue?
But it works for other people, and it never works for me. I will have to keep playing
with it.

Wireless
I spent most of the day fighting with Symbol's 1 mbit Spectrum card. These are pre 802.11b frequency hopping wireless cards. There is a driver for Linux on SourceForge, so that seemed like a good place to start. But I hit some snags since the driver wasn't really meant for the 2.4 kernel. So I tried turning of the PCMCIA kernel functionality, but that didn't work. Finally I figured out that the driver didn't want to work with PCMCIA tools package 3.2.1. So I switched to 3.2.0, and that made some headway. I also leaned that <linux/malloc.h> has been deprecated for <linux/slab.h>... That caused some confusion as well. But now I have a card that is recognized, so tomorrow the real fun begins. I am going to add some functionality to the driver so that I can change the MAC address, and then I will put it into promiscuous mode. Then all I need to do is tie it in with Kismet, a wireless sniffer, and I am good to go.

At home I installed the Netgear MR314 wireless router. That was actually pretty easy and pleasant. Now I can hack from my bed.

Papers
I just read Doucer's paper on Sybil attacks. The gist of his paper is that you must have some central authority if you want to prevent an attacker from assuming multiple identities. I like his example, hashing an IP address, since the central authority is somewhat hidden but still there. Zooko believes that he is missing the point since trust networks can get around this problem, but then again trust networks will someday fix all our problems and probably become the sentient AI that send robots back in time to kill us. Anyway, this has got me thinking about ways to choose an arbiter that is truly unbiased. I have been thinking about a protocol that is verifiable by both parties and gives either side very small chance to cheat. (I don't think it is possible to eliminate that chance completely since there is a chance that your random arbiter is either a second instance of one party, or a friend.) More to come on this once I have it all worked out, hopefully with some numbers and properties of resistance.

Mnetitamar* came over on Sunday for Mnet hack day, it was really a lot of fun to have someone to code with. I am helping him port EGTP to Twisted, and he is teaching me the zen of the Twisted reactor. We did end up getting a bit sidetracked though, talking about digital cash and anonimity. On a seperate note, I am still fighting with my dev environment and it is really starting to annoy me. The cygwin bash shell does not play well with Python's os.path.join(). This has led me to explore a tcsh shell not written by cygwin. I hope it works better because it is hard to test code when you can't get the packages installed. (This wasn't a problem before, but now that we are using distutils I am stuck.)

*It is an unfortunate side effect of advogato that one's name is case sensitive, hence my impoliteness at not capitalizing some people's names.

CryptoBrunchicepick is going to be in town on Sunday the 24th of November, so we are going to try to have a CryptoBrunch. There is a local coffee shop that has WiFi, and we intend to pipe in others over the net. I am also going to try to gather some of the NYC crowd (Itamar is alread in). If you live in NYC and you would like to talk about digital cash, crypto anarchy, p2p systems, or A-Team re-runs drop me an email.

BirthdayWell, I am a year older today. :) Actually, for the first time I actually feel younger than
last year. Being 25 is cool. Last night Heather and I went to Daniel for dinner, for those not in NYC it is highly rated French restaurant. We had a five course tasting menu, with matched wines, that was really amazing. My favorite was the saffron soup with muscles. I haven't yet opened my presents with one exception. I ordered myself a Netgear wireless AP from Amazon, so when an Amazon package arrived I opened it. Turned out it was a present from my little sister. Real Genius on DVD which is my favorite movie. I couldn't be happier.

WorkHacking for a living is still kind of fun. I coded my first test buffer overflow yesterday. It was pretty satisfying really. I want to take a look at some p2p programs for overflows now. :) My new project may be to write a wireless sniffer for a precursor to 802.11b cards. There is already a Linux driver out there, so the work should be pretty easy. But it looks like I only have 8 days to do it.

PartyWe are having a party on Saturday to celebrate the earth completing a trip around the sun without snuffing me out in the process. My best friend is coming in from Boston, which makes me very happy. And most of my friends, those not traveling through Thailand, will be there. All in all, its a good life.

MNetI still want to add Khashmir support to EGTP. I just haven't had time in the bast couple of weeks. Too much Capoeira. And this weekend is full too. But maybe I can steal some time one evening and at least get the unit tests written.

BooksI just finished Cronoliths by Robert Charles Wilson. It was pretty good, and definitely made me think. But I was not thrilled with the ending. Overall, I would rate it 4/5 or a B+. I am about to start A New Kind of Science by Wolfram. Hack and I are reading it together, so maybe we will get something out of it. :) I may also read The Man Who Loved Only Numbers: The Story of Paul Erdos and the Search for Mathematical Truth by Paul Hoffman for the subway since I would need a pack mule to carry ANKOS around with me.

It has been a few years since I played around with java so it is nice to be back. I am trying to write a plug-in for
WebProxy that will automate cookie collection and analysis. During this I found a place where I wanted to copy an object, so being from a C++ school of thought, I figured a copy constructor. I did a google search and found an interesting article arguing that in Java instead of a copy constructor one should implement the cloneable interface. It turns out that is interface is supported by Object, so that all one has to do is make a public method that calls the super.clone(). Wham, you have a copy. Simple, elegant, and easy. Now if the the rest of the API was only clean.

The Bunker

So my friend Lock now has the server that we will ship off to The Bunker. It is a dual proc 1U with two SCSI 3 drives. I believe he set it up to be a ~76G RAID 0 array. As of today it has FreeBSD and
all the packages we need, so hopefully we can ship it across
the pond by the end of the week. :) Today will be spent locking it down so that when it finally gets net access we won't get hacked in the first 30 seconds. We need to install tripwire before we ship it too.. Can't forget that. I am quite excited to finally have a secure box in a secure location. As soon as its up, we can put a remailer on it. And maybe a Tarzan node if they release the source.

Tarzan

I read the Tarzan white paper over the past few days. Since Def Con I have been thinking about this stuff a lot. Roger Dingledine has made me really pessimistic about anonymity, of course he has
chosen the toughest possible threat model. It seems to me that what Tarzan offers us is a leap ahead of everything else, but still won't satisfy Roger. The basic problem is that traffic analysis is still possible, and over time, it will work. Having said that, this system seems to do well against many forms of attacks. It assumes that every node has global knowledge of the node network, which allows them to do some interesting things. I still think that active attacks using DOS will be possible. But this system is a lot better than anything I can run at the moment. So that makes me happy. Still, it would be nice to get provable security. (Though that may be impossible.) Maybe using Palladium to ensure nodes can not be malicious will give us a boost. But even if you can guarantee that active attacks by nodes are impossible there is still traffic analysis. It seems to be that traffic analysis is like brute force, it always wins.

Danger

At lunch I am going to go down the street and see if the local T-Mobil store has the new
Sidekick for sale. This is simply the Danger hip-top renamed. I like the fact that it has unlimited data sending, and since my company pays for my cell phone now, I figure I might as well try this thing out. So I am going to go and see if its really as cool as it looks, if it is, expect me to post a review.

Wired has a really good article on Lessig's background. I recommend it. I am still unsure of what Lessig really wants when he asks geeks to fight. He does have a good point about not spending money that helps Hollywood and MS if you are fighting them. Instead of buying a DVD give the money to the EFF. etc... But that only goes so far. A planned boycott would be much more effective than me simply not buying an Xbox. Then there is the theory that we should work on projects that try to ensure freedom through technical means. Lessig doesn't think this is a good approach, becuase laws can make technology illegal. Ok, fair enough, but I am not going to become a lawyer either. So I need a bit more guidance as to how I can help. I write letters and send faxes, but that really doesn't feel substantial. Writing code at least ends with a tangeble product, though my job has cut into my time to work on cool projects. :(

Work

I am now officially getting paid to hack. Its really very satisfying, in a junior high sort of way. It has been so long since I did this kind of thing that I was afraid I wouldn't be able to do it. But it turns out that not much has really changed in 4 years. There are a few new attacks, the tools are better, but really its same stuff I was doing back in Purdue's Coast Lab (now renamed Cerias). Its nice to work with really smart people too. :)

Mnet

Well, v0.5.1 Stable was just released on sourceforge. Thats cool. I have been slacking due to my new job. Plus I am having serious issues with Cygwin and Python. I am not using Cygwin's python, just its shell. We have a .sh script to set up the env for us, but due to windows using \ and UNIX wanting / it has been having problems. Actually, I now believe that the slashes are not the problem. My current theory is that /cygdrive/d is not being interpreted correctly by python. Today I will try to set the path by hand and see if that fixes it. Anyway, long story short, until I figure this out, I can't test the changes I made. :(

Server

We now have a 1u box. We need to put BSD on it, and then send it off to TheBunker. Once that is up, I will look into setting up an anonymous remailer.

Books

I am just completing Rudy Rucker's non-fiction collection Seekwhich is broken up into 3 parts: Science, Life, and Art. I could have done without the Life sections since its mostly travelogues, having said that, I have really enjoyed it. The science section mostly deals with Cellular Automata, which is particularly relavant due to Wolfram's new opus. The Art section is short, but it talks more about cyberpunk, which is why I like Rudy in the first place. I really miss Mondo 2k (I also miss the cypherpunks). I miss the optimism that we had when we believed the net would really change the way society worked. I was talking with an ex-Kozmo employee a few days ago, and he said something that really summed it up for me: "For a while we were living in the future." I loved ordering things online and getting them an hour later, it really was instantanous gratification. And while the current crypto p2p movement is nice, it lacks the pithy slogans that made cypher/cyber-punks so cool. :)